# Queen Florist - .htaccess Configuration
# Optimized for CPanel hosting

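# Enable URL rewriting.
# Guarded with IfModule so that a host without mod_rewrite skips the directive
# instead of answering every request with a 500 for an unknown directive.
<IfModule mod_rewrite.c>
    RewriteEngine On
</IfModule>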

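# Security headers
# "always" makes Apache attach the header to error responses as well as 2xx.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response into a different content type.
    Header always set X-Content-Type-Options nosniff

    # Forbid framing of the site (clickjacking defence for older browsers;
    # frame-ancestors in the CSP below is the modern equivalent).
    Header always set X-Frame-Options DENY

    # The legacy XSS auditor is gone from current browsers, and where it still
    # exists "1; mode=block" can itself be abused, so current guidance is to
    # switch it off explicitly and rely on the CSP.
    Header always set X-XSS-Protection "0"

    # Send the full URL as referrer only to same-origin requests.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Content Security Policy.
    # NOTE(review): 'unsafe-inline' in script-src means an injected inline
    # <script> still runs, so this policy gives little XSS protection. Moving
    # inline scripts to files (or using nonces/hashes) lets it be dropped.
    # NOTE(review): allow-listing all of cdnjs.cloudflare.com permits every
    # script hosted there, not only the ones this site uses; self-hosting or
    # hash-pinning the needed files is tighter.
    # base-uri and frame-ancestors do not fall back to default-src, so they are
    # set explicitly; frame-ancestors 'none' matches X-Frame-Options DENY above.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://wa.me; base-uri 'self'; frame-ancestors 'none';"
</IfModule>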

# Force HTTPS (uncomment if SSL is installed)
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Compress text-like responses (markup, styles, scripts, feeds, fonts, icons).
# AddOutputFilterByType accepts several media types per directive, so the list
# is grouped by family rather than written one type per line.
# NOTE(review): text/html is compressed too. If pages ever reflect request data
# next to a secret (e.g. a CSRF token) over HTTPS, review exposure to
# compression side channels (BREACH) before relying on this.
<IfModule mod_deflate.c>
    # Markup, styles and plain text
    AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml application/xml application/rss+xml

    # JavaScript (current and legacy media types)
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript

    # Fonts
    AddOutputFilterByType DEFLATE font/opentype font/otf font/ttf
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype application/x-font-ttf

    # Vector images and icons
    AddOutputFilterByType DEFLATE image/svg+xml image/x-icon
</IfModule>

# Browser caching lifetimes, measured from the time of the client's request.
<IfModule mod_expires.c>
    ExpiresActive On

    # Fallback for every type not listed below.
    # NOTE(review): this also covers text/html, so PHP-generated pages get a
    # two-day freshness lifetime unless the application sends its own
    # Cache-Control; confirm that no per-user page is affected.
    ExpiresDefault "access plus 2 days"

    # Images and icons: one year
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"

    # Styles, scripts and documents: one month
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
</IfModule>

# Map file extensions to the media type sent in Content-Type.
# Correct types matter here because X-Content-Type-Options: nosniff makes
# browsers refuse scripts and styles served with the wrong one.
<IfModule mod_mime.c>
    # Documents
    AddType text/html .html
    AddType text/plain .txt
    AddType text/css .css

    # Scripts and data
    AddType application/javascript .js
    AddType application/json .json

    # Images
    AddType image/svg+xml .svg
</IfModule>

# Prevent directory browsing: with Indexes removed, a directory that has no
# index file is answered with 403 instead of an auto-generated file listing.
Options -Indexes

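# Hide Apache version
# ServerTokens is accepted only in the main server configuration. Inside a
# .htaccess file Apache rejects it and every request fails with a 500, so it is
# kept here commented out as a reminder to set it in httpd.conf (or to ask the
# host to). The Server response header cannot be changed from .htaccess.
# ServerTokens Prod

# Remove the server version footer from Apache-generated pages (error pages,
# directory listings). This directive is permitted in .htaccess.
ServerSignature Off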

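# Protect sensitive files: deny any file whose name starts with a dot
# (.htaccess, .htpasswd, .env, ...).
# NOTE(review): FilesMatch tests only the final path component, so files that
# sit inside a dot-directory (for example a .git/ folder) are NOT covered by
# this rule; keep such directories out of the document root or deny them with
# a path-based rule.
<FilesMatch "^\.">
    # Apache 2.4 syntax
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>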

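# Deny editor autosave files (#name#) and backup, dump, log and source-asset
# extensions that should never be downloadable.
# The dot before the extension list is escaped: unescaped it matches any
# character, which would also deny ordinary names that merely end in one of
# these letter sequences (e.g. a file called "blog" or "catalog").
<FilesMatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sql|swp)$)">
    # Apache 2.4 syntax
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>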

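# Protect config files
# <Files> is compared with the file name only, never with a path, so a value
# containing a slash ("config/database.php") can never match and leaves the
# file unprotected. Matching on the bare name denies database.php wherever it
# sits below this .htaccess.
# NOTE(review): to close off the whole config/ directory, place a .htaccess
# containing a deny-all rule inside it, or move it outside the document root.
<Files "database.php">
    # Apache 2.4 syntax
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>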

# Custom error pages: 404, 403 and 500 are all handed to /index.php.
# A local path is served by internal redirect and the original status code is
# kept unless the script overrides it.
# NOTE(review): confirm index.php renders an error view for these cases rather
# than the normal home page, and that it does not echo request details.
# NOTE(review): if index.php itself is what failed, the 500 handler cannot run
# and Apache falls back to its built-in error page.
ErrorDocument 404 /index.php
ErrorDocument 403 /index.php
ErrorDocument 500 /index.php

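# PHP settings (if allowed by host)
# php_flag / php_value work only when PHP runs as an Apache module. Under
# PHP-FPM, CGI or LSAPI neither IfModule below matches, the values are skipped,
# and they have to be set through php.ini / .user.ini or the hosting panel.
# display_errors is Off so that stack traces, file paths and query text are not
# shown to visitors.

# PHP 7 module
<IfModule mod_php7.c>
    php_flag display_errors Off
    php_value max_execution_time 30
    php_value memory_limit 128M
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
</IfModule>

# PHP 8 module: from PHP 8 the Apache module is named mod_php.c (no version
# number); a test for "mod_php8.c" never matches, so these settings would be
# silently ignored.
<IfModule mod_php.c>
    php_flag display_errors Off
    php_value max_execution_time 30
    php_value memory_limit 128M
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
</IfModule>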

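# Block suspicious user agents
# Each SetEnvIfNoCase line sets bad_bot when the User-Agent header matches the
# pattern (case-insensitive); requests carrying bad_bot are then denied.
# The User-Agent is chosen by the client and trivially changed, so this is
# noise reduction only and not an access control.
<IfModule mod_setenvif.c>
    # Empty User-Agent (the original listed this line twice)
    SetEnvIfNoCase User-Agent ^$ bad_bot
    SetEnvIfNoCase User-Agent ^- bad_bot
    # Removed: a bare "^.*" pattern. It matches every User-Agent, so it tagged
    # all traffic as bad_bot and the Deny below returned 403 to every visitor.
    SetEnvIfNoCase User-Agent ^Anarchie bad_bot
    SetEnvIfNoCase User-Agent ^ASPSeek bad_bot
    SetEnvIfNoCase User-Agent ^attach bad_bot
    SetEnvIfNoCase User-Agent ^autoemailspider bad_bot
    SetEnvIfNoCase User-Agent ^Xaldon\ WebSpider bad_bot
    SetEnvIfNoCase User-Agent ^Xenu bad_bot
    SetEnvIfNoCase User-Agent ^Zeus bad_bot

    # Allow everyone except requests tagged above.
    # NOTE(review): Order/Allow/Deny is Apache 2.2 syntax and needs
    # mod_access_compat on 2.4; without that module these lines cause a 500.
    Order allow,deny
    Allow from all
    Deny from env=bad_bot
</IfModule>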

# CORS for static assets (scripts, styles, images, icons).
# NOTE(review): the value below is the wildcard "*", not a list of specific
# domains, so any origin may read these files cross-origin. That is acceptable
# only while every matched file is public; nothing user-specific or private
# should be served under these extensions.
<IfModule mod_headers.c>
    <FilesMatch "\.(js|css|png|jpg|jpeg|gif|ico|svg)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

# Asset paths: stop rewrite processing for anything under assets/css/,
# assets/js/ and assets/images/ and serve it from its existing location.
# The original three rules rewrote each path to itself, which Apache treats as
# no change; "-" states the same pass-through explicitly.
<IfModule mod_rewrite.c>
    RewriteRule ^assets/(css|js|images)/ - [L]
</IfModule>